Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2024-4340

Published: 30/04/2024 Updated: 30/04/2024

Vulnerability Summary

Passing a heavily nested list to sqlparse.parse() leads to a Denial of Service due to RecursionError.

Vendor Advisories

Debian CVElist Bug Report Logs: sqlparse: CVE-2024-4340: sqlparse parsing heavily nested list leads to Denial of Service
Debian Bug report logs - #1070148 sqlparse: CVE-2024-4340: sqlparse parsing heavily nested list leads to Denial of Service Package: src:sqlparse; Maintainer for src:sqlparse is Andrii Senkovych <andrii@senkovychcom>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 30 Apr 2024 21:21:01 UTC Severity: ...

References

CWE-674https://research.jfrog.com/vulnerabilities/sqlparse-stack-exhaustion-dos-jfsa-2024-001031292/https://github.com/andialbrecht/sqlparse/commit/b4a39d9850969b4e1d6940d32094ee0b42a2cf03https://github.com/advisories/GHSA-2m57-hf25-phgghttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070148https://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereferenceCVE-2023-52689CVE-2024-23803client sideCVE-2023-52696information disclosureCVE-2024-35843CVE-2024-27130CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook